This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ratis-thirdparty.git
The following commit(s) were added to refs/heads/master by this push:
new 59eb104 RATIS-1507. [thirdparty] Clean up the vulnerabilities from
dependencies. (#25)
59eb104 is described below
commit 59eb104a222c3cc217c0858d1bda8546d72b6b8a
Author: Tsz-Wo Nicholas Sze <[email protected]>
AuthorDate: Tue Jan 25 15:51:05 2022 +0800
RATIS-1507. [thirdparty] Clean up the vulnerabilities from dependencies.
(#25)
---
.github/workflows/ci.yaml | 2 +-
pom.xml | 52 ++++------------------
test/pom.xml | 33 ++++++++++++--
.../apache/ratis/thirdparty/demo/GrpcClient.java | 3 +-
.../ratis/thirdparty/demo/GrpcSslClient.java | 3 +-
5 files changed, 41 insertions(+), 52 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 09c2d08..2d2bef3 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -35,7 +35,7 @@ jobs:
with:
java-version: 8
- name: Run a full build
- run: mvn clean verify
+ run: mvn -Ptest clean verify
- name: Delete temporary build artifacts
run: rm -rf ~/.m2/repository/org/apache/ratis
if: always()
diff --git a/pom.xml b/pom.xml
index c5ef166..75c46f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -17,7 +17,7 @@
<parent>
<groupId>org.apache</groupId>
<artifactId>apache</artifactId>
- <version>21</version>
+ <version>23</version>
<relativePath /> <!-- resolve from repository -->
</parent>
<artifactId>ratis-thirdparty</artifactId>
@@ -30,7 +30,6 @@
<inceptionYear>2017</inceptionYear>
<modules>
<module>misc</module>
- <module>test</module>
</modules>
<licenses>
<license>
@@ -67,7 +66,6 @@
<maven.compiler.target>1.8</maven.compiler.target>
<java.min.version>${maven.compiler.source}</java.min.version>
<maven.min.version>3.3.9</maven.min.version>
- <protobuf-maven-plugin.version>0.5.1</protobuf-maven-plugin.version>
<!--Version of protobuf to be shaded -->
<shaded.protobuf.version>3.19.2</shaded.protobuf.version>
@@ -81,10 +79,8 @@
<!-- third party library versions -->
<commons-lang3.version>3.8.1</commons-lang3.version>
<gson.version>2.8.2</gson.version>
- <guava.version>28.2-jre</guava.version>
+ <guava.version>31.0.1-jre</guava.version>
<io.opencensus.version>0.21.0</io.opencensus.version>
- <junit.version>4.13</junit.version>
- <slf4j.version>1.7.30</slf4j.version>
<ratis.thirdparty.shaded.prefix>org.apache.ratis.thirdparty</ratis.thirdparty.shaded.prefix>
<ratis.thirdparty.shaded.native.prefix>org_apache_ratis_thirdparty_</ratis.thirdparty.shaded.native.prefix>
@@ -155,29 +151,6 @@
<artifactId>opencensus-contrib-grpc-metrics</artifactId>
<version>${io.opencensus.version}</version>
</dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- <version>${commons-lang3.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>${slf4j.version}</version>
- </dependency>
-
- <!-- Test only dependencies -->
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
</dependencies>
</dependencyManagement>
@@ -276,20 +249,6 @@
<artifactId>maven-bundle-plugin</artifactId>
<version>${maven-bundle-plugin.version}</version>
</plugin>
- <plugin>
- <groupId>org.xolstice.maven.plugins</groupId>
- <artifactId>protobuf-maven-plugin</artifactId>
- <version>${protobuf-maven-plugin.version}</version>
- <configuration>
- <protocArtifact>
-
com.google.protobuf:protoc:${shaded.protobuf.version}:exe:${os.detected.classifier}
- </protocArtifact>
- <!-- Place these in a location that compiler-plugin is already
looking -->
-
<outputDirectory>${project.build.directory}/generated-sources</outputDirectory>
- <!-- With multiple executions, this must be `false` otherwise we
wipe out the previous execution -->
- <clearOutputDirectory>false</clearOutputDirectory>
- </configuration>
- </plugin>
</plugins>
</pluginManagement>
@@ -420,5 +379,12 @@
</plugins>
</build>
</profile>
+
+ <profile>
+ <id>test</id>
+ <modules>
+ <module>test</module>
+ </modules>
+ </profile>
</profiles>
</project>
diff --git a/test/pom.xml b/test/pom.xml
index 7b3bf10..2db43f1 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -26,6 +26,13 @@
<description>Miscellaneous tests for Apache Ratis Thirdparty
Jar</description>
<url>https://github.com/apache/ratis-thirdparty</url>
+ <properties>
+ <protobuf-maven-plugin.version>0.6.1</protobuf-maven-plugin.version>
+
+ <junit.version>4.13.2</junit.version>
+ <slf4j.version>1.7.33</slf4j.version>
+ </properties>
+
<dependencies>
<dependency>
<groupId>org.apache.ratis</groupId>
@@ -34,19 +41,18 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
+ <version>${junit.version}</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
+ <version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
+ <version>${slf4j.version}</version>
</dependency>
</dependencies>
@@ -58,6 +64,25 @@
<version>${os-maven-plugin.version}</version>
</extension>
</extensions>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.xolstice.maven.plugins</groupId>
+ <artifactId>protobuf-maven-plugin</artifactId>
+ <version>${protobuf-maven-plugin.version}</version>
+ <configuration>
+ <protocArtifact>
+
com.google.protobuf:protoc:${shaded.protobuf.version}:exe:${os.detected.classifier}
+ </protocArtifact>
+ <!-- Place these in a location that compiler-plugin is already
looking -->
+
<outputDirectory>${project.build.directory}/generated-sources</outputDirectory>
+ <!-- With multiple executions, this must be `false` otherwise we
wipe out the previous execution -->
+ <clearOutputDirectory>false</clearOutputDirectory>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+
<plugins>
<plugin>
<groupId>org.xolstice.maven.plugins</groupId>
diff --git
a/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcClient.java
b/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcClient.java
index 3ab28b5..e576eab 100644
--- a/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcClient.java
+++ b/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcClient.java
@@ -17,7 +17,6 @@
*/
package org.apache.ratis.thirdparty.demo;
-import org.apache.commons.lang3.StringUtils;
import org.apache.ratis.thirdparty.io.grpc.ManagedChannel;
import org.apache.ratis.thirdparty.io.grpc.ManagedChannelBuilder;
import org.apache.ratis.thirdparty.io.grpc.StatusRuntimeException;
@@ -59,7 +58,7 @@ public class GrpcClient {
return response.getMessage();
} catch (StatusRuntimeException e) {
LOG.warn("RPC failed: {0}", e.getStatus());
- return StringUtils.EMPTY;
+ return "";
}
}
diff --git
a/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcSslClient.java
b/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcSslClient.java
index 91de12f..d93029d 100644
--- a/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcSslClient.java
+++ b/test/src/main/java/org/apache/ratis/thirdparty/demo/GrpcSslClient.java
@@ -17,7 +17,6 @@
*/
package org.apache.ratis.thirdparty.demo;
-import org.apache.commons.lang3.StringUtils;
import org.apache.ratis.thirdparty.io.grpc.ManagedChannel;
import org.apache.ratis.thirdparty.io.grpc.ManagedChannelBuilder;
import org.apache.ratis.thirdparty.io.grpc.StatusRuntimeException;
@@ -84,7 +83,7 @@ public class GrpcSslClient {
return response.getMessage();
} catch (StatusRuntimeException e) {
LOG.warn("RPC failed: {0}", e.getStatus(), e);
- return StringUtils.EMPTY;
+ return "";
}
}
}
